TAYGA tunnel IPv4: 192.168.64.1 (dynamic pool: 192.168.64.0/24)
A IPv4 tunnel that is outside of the range of any subnets handled by pfsense. I used 192.168.64.0 but you can choose anything you’d like.

TAYGA tunnel IPv6: 2001:db8:1::2 (prefix: 64:ff9b::/96)
Similar to the prior tunnel subnet, except that the prefix we are using is the RFC 6052 prefix used by the public Google DNS64 service.

Step 1 – Setup TAYGA

This should be done on a basic Debian linux installation. It could be a physical machine or a virtual machine. In my case I used a VM.

Assign it a static IPv4 and IPv6 address. Modify /etc/network/interfaces

The final firewall configuration that you may want to change in pfSense, is under System / Advanced / Firewall & NAT
The following option is needed as otherwise some traffic is filtered by the pfSense firewall and things like Zoom.us video calls, and WebSocket connections will drop and come back up constantly.

Static route filtering: Bypass firewall rules for traffic
on the same interface
(check this box)

Now we’ll need to add the static routes so that the RFC 6052 prefix and IPv4 pool will be routed back to the debian machine running tayga.

Once again in pfSense go to System / Routing.
Let’s create two new gateways. Both should be on the “LAN” interface.
One with the IP of 10.1.1.3 and the other with an IP of 2001:4:1f:98::2

Next let’s create 3 static routes.

Route #1 – IPv4 pool

Destination network: 192.168.64.0 / 24Gateway: 10.1.1.3

Route #2 – IPv6 prefix

Destination network: 64:ff9b:: / 96Gatway: 2001:4:1f:98::2

Route #3 – IPv6 Tunnel Address

Destination network: 2001:db8:1::2Gatway: 2001:4:1f:98::2

Ready to test

There are services such as Google’s Chromecast that do not yet work with NAT64. But Apple is making a big push towards all apps being compatible, so it’s only a matter of time before we can run our local networks v4-free!